package com.mc.jf.config;

import com.mc.jf.handler.AcessDeniedHandlerImpl;
import com.mc.jf.handler.AuthenticationEntryPointImpl;
import com.mc.jf.service.impl.PlanUserServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.sql.DataSource;

@Configuration
public class SecurityConfig {

    @Autowired
    DataSource dataSource;

    @Autowired
    PlanUserServiceImpl planUserService;


    @Autowired
    JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;

    @Autowired
    AuthenticationEntryPointImpl authenticationEntryPoint;

    @Autowired
    AcessDeniedHandlerImpl acessDeniedHandler;

    @Bean
    public PasswordEncoder getPw() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        http.headers().frameOptions().disable()
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/js/**", "/css/**", "/images/**", "/lib/**", "/login").permitAll()
                .antMatchers("/api/**").permitAll()
                .antMatchers("/fhplan").permitAll()
                .antMatchers("/plan").permitAll()
                .antMatchers("/gen/**").permitAll()
                .antMatchers("/gen/**").permitAll()
                .antMatchers("/*.txt").permitAll()
                .anyRequest().authenticated()
                .and()
                .csrf().disable();


        http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        http.exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
                .accessDeniedHandler(acessDeniedHandler);
        http.cors();


        return http.build();
    }

    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        DaoAuthenticationProvider dao1=new DaoAuthenticationProvider();
        dao1.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
        dao1.setUserDetailsService(planUserService);

        //创建ProviderManager，并注入AuthenticationProvider
        ProviderManager manager=new ProviderManager(dao1);
        return manager;
    }


}
